MobileIron Brings VPN-Like Tunnels To Mobile Security

AppConnect and AppTunnel aim to help IT secure business apps while keeping them separate from personal content in a BYOD environment.

MobileIron announced two new additions to its suite of mobile device management (MDM) and mobile application management (MAM) products on Tuesday: AppConnect and AppTunnel.

The offerings reflect the manner in which IT priorities have evolved as the BYOD phenomenon has accelerated and matured. Early MDM trends focused on securing the device itself, but because a single phone or tablet is of relatively little value from an enterprise perspective, the emphasis has shifted to securing the data. This goal can be a delicate balance, however. Because so many workplace devices are owned by employees, IT needs to be wary of the way corporate content is accessed and handled. Then again, because the devices are not owned by the business, IT also needs to be mindful of privacy.

MobileIron's new products attempt to navigate this difficulty by separating business apps from personal content, an approach that bars company information from being moved into an unauthorized app while also giving IT control over the sanctioned ones. Savid Technologies CEO Mike Davis has previously told InformationWeek that such a separation represents the "holy grail" of mobile device security, so if businesses take to MobileIron's approach, the company could have a hit.

AppConnect turns each app into a secure, encrypted container. This capability is fairly run-of-the-mill, but MobileIron takes the concept a step further by allowing individual containers to communicate with one another. This effectively creates a larger wrapper around the individual containerized apps, allowing data to be shared among them according to permissions defined by an administrator. Functions such as cut-and-paste, for example, can be turned on or off depending on the user's level of access. AppConnect also allows single sign-on, eliminating the need to authenticate identity for each individual app.

MobileIron allows its wrapper to be implemented after an app has been completed or, for more precise control, via an SDK that allows the technology to be applied during the development process. With custom apps on the rise, many developers are likely to appreciate this flexibility.

AppTunnel, meanwhile, links each container to the corporate network through a secure tunnel. This pathway offers VPN-like protection without actually establishing a VPN or otherwise altering network security settings. Combined with AppConnect, AppTunnel is intended to protect sensitive content in all its states, whether in transit between the network and the device, in motion among individual apps or at rest on the smartphone or tablet.

Parity is fairly high among MDM and MAM products, but 451 Research analyst Chris Morales said in an email that the technology driving AppConnect and AppTunnel is fairly unique. He wrote that other competitors offer services that partially overlap with MobileIron's new products but cited none that offer the same full set of capabilities. He said, for example, that Zenprise offers VPN-like app tunnels but countered that, "[It] is not app-centric really. It tunnels the apps only but terminates to their client." He called Mocana the "closest competitor," noting that it includes app wrapping, data controls and app-centric VPN tunnels. "They don't have content management though," he stated.

Morales also offered that a mix of IT controls, separation of personal and business apps and secure tunneling "is the direction I prefer and would like to see the market go." He predicted that this sort of technology will become more ubiquitous.

BitzerMobile has already beaten MobileIron to the punch here but Bitzer's BEAM 2.2 enterprise mobility platform is built around a security focus. BEAM 2.2 features single sign-on, encryption, and two-factor authentication are offers considerably more security than this new MobileIron product. Bitzer's core apps are offered directly inside the container to provide a much better user experience for end users. Bitzer's BEAM 2.2 is available today, the story above doesn't provide details on availability or pricing for MobileIron...is this product even shipping?

For years, security experts have stressed the need to get security controls and policy enforcement as close to the data as possible. Mobile Iron's approach seems like it's taking steps in that direction. In fact, the ability to enable/disable functions like cut-and-paste sounds a lot like enterprise rights management. On the downside, ERM never took off because trying to create policies that protect content without making that content totally unusable to workers is an ugly, complex mess. I'm curious to see how this plays out.

Offering a VPN alternative in the market is interesting. In fact, we have been shipping this solution already for more than a year. VPN-Like Tunnels allow ionGrid's Nexus Enterprise server to offer all of the business productivity suite that we enable our Global 2000 customers with including but not limited to document access, web/intranet, app development and deployment, email/PIM, and other related business services. We have an extremely feature-ful set of capabilities that have UI/UX for the employee and IT security and policy held as top tenets. Check out www.iongrid.com to learn about all the innovative offerings in mobile security and beyond.

Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.

Worries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?